Certified Information Systems Security Professional (CISSP)
Access Control Systems and Methodologies
1.Access control concepts, methodologies, and implementation
2.Access controls: detective, corrective, and preventative
3.Access control techniques in centralized and decentralized environments
4.Access control risks, vulnerabilities, and exposures
Security Architecture and Models
1.Secure operating system principles, concepts, mechanisms, controls, and standards
2.Secure architecture design, modeling, and protection
3.Security models: confidentiality, integrity, and information flow
4.Government and commercial security requirements
5.Common criteria, ITSEC, TCSEC, IETF, IPSEC
6.Technical platforms
7.System security preventative, detective, and corrective measures
Disaster Recovery and Business Continuity Planning
1.Business continuity planning, business impact analysis, recovery strategies, recovery plan development, and implementation
2.Disaster recovery planning, implementation, and restoration
3.Compare and contrast disaster recovery and business continuity
Security Management Practices
1.Organizational security roles
2.Identification of information assets
3.Security management planning
4.Security policy development; use of guidelines, standards, and procedures
5.Security awareness training
6.Data classification and marking
7.Employment agreements and practices
8.Risk management tools and techniques
Law, Investigation, and Ethics
1.Computer crime detection methods
2.Applicable computer crime, security, and privacy laws
3.Evidence gathering and preservation methods
4.Computer crime investigation methods and techniques
5.Civil, criminal, and investigative law
6.Intellectual property law
7.ISC2 and IAB ethics application
Physical Security
1.Prevention, detection, and correction of physical hazards
2.Secure site design, configuration, and selection elements
3.Access control and protection methods for facility, information, equipment, and personnel
Operations Security
1.Resource protection mechanisms and techniques
2.Operation security principles, techniques, and mechanisms; principles of good practice and limitation of abuses
3.Operations security preventative, detective, and corrective measures
4.Information attacks
5.Access Control Subversion
Cryptography
1.Cryptographic concepts, methods, and practices
2.Construction of algorithms
3.Attacks on cryptosystems
4.Ancient cryptography and modern methods
5.Public and private key algorithms and uses
6.Key distribution and key management
7.Digital signature construction and use
8.Methods of attack, strength of function
Telecommunications and Network Security
1.Overview of communications and network security
2.Voice communications, data communications, local area, wide area, and remote access
3.Internet/Intranet/Extranet, firewalls, routers, and network protocols
4.Telecommunication and network security preventative, detective, and corrective measures
5.System development process and security controls
6.System development life cycle, change controls, application controls, and system and application integrity
7.Database structure, concepts, design techniques, and security implications
8.Object oriented programming
9.Data warehousing and data mining
cissp cbt nuggets, cissp study guide and cissp sybex guide are available for free download on www.azires.com. You will succeed in cissp exam certification at first attempt.
